{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50442","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:53:07.010Z","datePublished":"2025-10-01T11:42:18.012Z","dateUpdated":"2026-05-11T19:19:34.516Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:19:34.516Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Validate buffer length while parsing index\n\nindx_read is called when we have some NTFS directory operations that\nneed more information from the index buffers. This adds a sanity check\nto make sure the returned index buffer length is legit, or we may have\nsome out-of-bound memory accesses.\n\n[  560.897595] BUG: KASAN: slab-out-of-bounds in hdr_find_e.isra.0+0x10c/0x320\n[  560.898321] Read of size 2 at addr ffff888009497238 by task exp/245\n[  560.898760]\n[  560.899129] CPU: 0 PID: 245 Comm: exp Not tainted 6.0.0-rc6 #37\n[  560.899505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[  560.900170] Call Trace:\n[  560.900407]  <TASK>\n[  560.900732]  dump_stack_lvl+0x49/0x63\n[  560.901108]  print_report.cold+0xf5/0x689\n[  560.901395]  ? hdr_find_e.isra.0+0x10c/0x320\n[  560.901716]  kasan_report+0xa7/0x130\n[  560.901950]  ? hdr_find_e.isra.0+0x10c/0x320\n[  560.902208]  __asan_load2+0x68/0x90\n[  560.902427]  hdr_find_e.isra.0+0x10c/0x320\n[  560.902846]  ? cmp_uints+0xe0/0xe0\n[  560.903363]  ? cmp_sdh+0x90/0x90\n[  560.903883]  ? ntfs_bread_run+0x190/0x190\n[  560.904196]  ? rwsem_down_read_slowpath+0x750/0x750\n[  560.904969]  ? ntfs_fix_post_read+0xe0/0x130\n[  560.905259]  ? __kasan_check_write+0x14/0x20\n[  560.905599]  ? up_read+0x1a/0x90\n[  560.905853]  ? indx_read+0x22c/0x380\n[  560.906096]  indx_find+0x2ef/0x470\n[  560.906352]  ? indx_find_buffer+0x2d0/0x2d0\n[  560.906692]  ? __kasan_kmalloc+0x88/0xb0\n[  560.906977]  dir_search_u+0x196/0x2f0\n[  560.907220]  ? ntfs_nls_to_utf16+0x450/0x450\n[  560.907464]  ? __kasan_check_write+0x14/0x20\n[  560.907747]  ? mutex_lock+0x8f/0xe0\n[  560.907970]  ? __mutex_lock_slowpath+0x20/0x20\n[  560.908214]  ? kmem_cache_alloc+0x143/0x4b0\n[  560.908459]  ntfs_lookup+0xe0/0x100\n[  560.908788]  __lookup_slow+0x116/0x220\n[  560.909050]  ? lookup_fast+0x1b0/0x1b0\n[  560.909309]  ? lookup_fast+0x13f/0x1b0\n[  560.909601]  walk_component+0x187/0x230\n[  560.909944]  link_path_walk.part.0+0x3f0/0x660\n[  560.910285]  ? handle_lookup_down+0x90/0x90\n[  560.910618]  ? path_init+0x642/0x6e0\n[  560.911084]  ? percpu_counter_add_batch+0x6e/0xf0\n[  560.912559]  ? __alloc_file+0x114/0x170\n[  560.913008]  path_openat+0x19c/0x1d10\n[  560.913419]  ? getname_flags+0x73/0x2b0\n[  560.913815]  ? kasan_save_stack+0x3a/0x50\n[  560.914125]  ? kasan_save_stack+0x26/0x50\n[  560.914542]  ? __kasan_slab_alloc+0x6d/0x90\n[  560.914924]  ? kmem_cache_alloc+0x143/0x4b0\n[  560.915339]  ? getname_flags+0x73/0x2b0\n[  560.915647]  ? getname+0x12/0x20\n[  560.916114]  ? __x64_sys_open+0x4c/0x60\n[  560.916460]  ? path_lookupat.isra.0+0x230/0x230\n[  560.916867]  ? __isolate_free_page+0x2e0/0x2e0\n[  560.917194]  do_filp_open+0x15c/0x1f0\n[  560.917448]  ? may_open_dev+0x60/0x60\n[  560.917696]  ? expand_files+0xa4/0x3a0\n[  560.917923]  ? __kasan_check_write+0x14/0x20\n[  560.918185]  ? _raw_spin_lock+0x88/0xdb\n[  560.918409]  ? _raw_spin_lock_irqsave+0x100/0x100\n[  560.918783]  ? _find_next_bit+0x4a/0x130\n[  560.919026]  ? _raw_spin_unlock+0x19/0x40\n[  560.919276]  ? alloc_fd+0x14b/0x2d0\n[  560.919635]  do_sys_openat2+0x32a/0x4b0\n[  560.920035]  ? file_open_root+0x230/0x230\n[  560.920336]  ? __rcu_read_unlock+0x5b/0x280\n[  560.920813]  do_sys_open+0x99/0xf0\n[  560.921208]  ? filp_open+0x60/0x60\n[  560.921482]  ? exit_to_user_mode_prepare+0x49/0x180\n[  560.921867]  __x64_sys_open+0x4c/0x60\n[  560.922128]  do_syscall_64+0x3b/0x90\n[  560.922369]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[  560.923030] RIP: 0033:0x7f7dff2e4469\n[  560.923681] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088\n[  560.924451] RSP: 002b:00007ffd41a210b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000002\n[  560.925168] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7dff2e4469\n[  560.925655] RDX: 0000000000000000 RSI: 0000000000000002 RDI:\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ntfs3/index.c"],"versions":[{"version":"4534a70b7056fd4b9a1c6db5a4ce3c98546b291e","lessThan":"3cd9e5b41b83bb57ac3cf9888f9fef2a6ef8ed96","status":"affected","versionType":"git"},{"version":"4534a70b7056fd4b9a1c6db5a4ce3c98546b291e","lessThan":"b15374365c9d10445ea7d66cdf885457a0223fc2","status":"affected","versionType":"git"},{"version":"4534a70b7056fd4b9a1c6db5a4ce3c98546b291e","lessThan":"3f6f75e8863f41c8b3dbfd9d99e3963aaca42601","status":"affected","versionType":"git"},{"version":"4534a70b7056fd4b9a1c6db5a4ce3c98546b291e","lessThan":"4d42ecda239cc13738d6fd84d098a32e67b368b9","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ntfs3/index.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.87","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.17","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.3","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.0.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3cd9e5b41b83bb57ac3cf9888f9fef2a6ef8ed96"},{"url":"https://git.kernel.org/stable/c/b15374365c9d10445ea7d66cdf885457a0223fc2"},{"url":"https://git.kernel.org/stable/c/3f6f75e8863f41c8b3dbfd9d99e3963aaca42601"},{"url":"https://git.kernel.org/stable/c/4d42ecda239cc13738d6fd84d098a32e67b368b9"}],"title":"fs/ntfs3: Validate buffer length while parsing index","x_generator":{"engine":"bippy-1.2.0"}}}}